CVE-2018-15773 - OpenCVE

Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Data Protection \\| Encryption

Configuration 1 [-]

cpe:2.3:a:dell:data_protection_\|_encryption:*:*:*:*:enterprise:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/article/us/en/04/sln314963/dell-encryption-enterprise-dell-data-protection-encryption-information-disclosure-vulnerability?lang=en

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2018-12-05T18:00:00Z

Updated: 2024-09-16T22:14:02.961Z

Reserved: 2018-08-23T00:00:00

Link: CVE-2018-15773

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-12-05T18:29:00.253

Modified: 2018-12-26T20:46:58.250

Link: CVE-2018-15773

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Dell Encryption (formerly Dell Data Protection | Encryption)", "vendor": "Dell", "versions": [{"lessThan": "10.1.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Dell would like to thank Jan van der Put and Harm Blankers of REQON Security for reporting this vulnerability."}], "datePublic": "2018-12-03T00:00:00", "descriptions": [{"lang": "en", "value": "Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files."}], "problemTypes": [{"descriptions": [{"description": "information disclosure vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-05T17:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/article/us/en/04/sln314963/dell-encryption-enterprise-dell-data-protection-encryption-information-disclosure-vulnerability?lang=en"}], "source": {"discovery": "UNKNOWN"}, "title": "Dell Encryption Enterprise \\ Dell Data Protection Encryption Information Disclosure Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-12-03T18:00:00.000Z", "ID": "CVE-2018-15773", "STATE": "PUBLIC", "TITLE": "Dell Encryption Enterprise \\ Dell Data Protection Encryption Information Disclosure Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Dell Encryption (formerly Dell Data Protection | Encryption)", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "10.1.0"}]}}]}, "vendor_name": "Dell"}]}}, "credit": [{"lang": "eng", "value": "Dell would like to thank Jan van der Put and Harm Blankers of REQON Security for reporting this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information disclosure vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/article/us/en/04/sln314963/dell-encryption-enterprise-dell-data-protection-encryption-information-disclosure-vulnerability?lang=en", "refsource": "MISC", "url": "https://www.dell.com/support/article/us/en/04/sln314963/dell-encryption-enterprise-dell-data-protection-encryption-information-disclosure-vulnerability?lang=en"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:01:54.664Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dell.com/support/article/us/en/04/sln314963/dell-encryption-enterprise-dell-data-protection-encryption-information-disclosure-vulnerability?lang=en"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-15773", "datePublished": "2018-12-05T18:00:00Z", "dateReserved": "2018-08-23T00:00:00", "dateUpdated": "2024-09-16T22:14:02.961Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:data_protection_\\|_encryption:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5CE94EC4-776B-4BB5-9ABB-4A61CE7A74C6", "versionEndIncluding": "10.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files."}, {"lang": "es", "value": "Dell Encryption (anteriormente Dell Data Protection | Encryption), en versiones v10.1.0 y anteriores, contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un usuario malicioso con acceso f\u00edsico a la m\u00e1quina podr\u00eda explotar esta vulnerabilidad para acceder a la carpeta RegBack sin cifrar, que contiene copias de seguridad de archivos sensibles del sistema."}], "id": "CVE-2018-15773", "lastModified": "2018-12-26T20:46:58.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-05T18:29:00.253", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/article/us/en/04/sln314963/dell-encryption-enterprise-dell-data-protection-encryption-information-disclosure-vulnerability?lang=en"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}